Clean up (most of) the mess of multiple trust anchors left over from

early experiments, because cleaning up the mess was easier than
documenting it.

svn path=/scripts/Makefile; revision=1458

8 files changed, 26 insertions, 21 deletions

diff --git a/scripts/Makefile b/scripts/Makefile
index fdcb54b3..1272d9e6 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -48,6 +48,9 @@ rpki/relaxng.py: left-right-schema.rng up-down-schema.rng make-relaxng.py
 	python make-relaxng.py >$@.tmp
 	mv $@.tmp $@
 
+all-tests:: all
+	sh -x rootd.sh run
+
 test all-tests:: all
 	python testbed.py -y testbed.1.yaml
 
diff --git a/scripts/biz-certs/Bob-CA.srl b/scripts/biz-certs/Bob-CA.srl
index 801e87d0..fbf6d022 100644
--- a/scripts/biz-certs/Bob-CA.srl
+++ b/scripts/biz-certs/Bob-CA.srl
@@ -1 +1 @@
-90801F1ED194555E
+90801F1ED1945561
diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py
index 21c24c70..080031ef 100755
--- a/scripts/irbe-cli.py
+++ b/scripts/irbe-cli.py
@@ -165,10 +165,10 @@ except lxml.etree.DocumentInvalid:
 
 q_cms = rpki.cms.sign(q_xml,
                         rpki.x509.RSA(Auto_file = cfg.get("cms-key")),
-                        rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-cert")))
+                        rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-certs")))
 
 r_cms = rpki.https.client(privateKey    = rpki.x509.RSA(Auto_file = cfg.get("https-key")),
-                          certChain     = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert")),
+                          certChain     = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-certs")),
                           x509TrustList = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta")),
                           url           = cfg.get("https-url"),
                           msg           = q_cms)
diff --git a/scripts/irdbd.py b/scripts/irdbd.py
index 1d79e875..116c6af6 100755
--- a/scripts/irdbd.py
+++ b/scripts/irdbd.py
@@ -99,7 +99,7 @@ cur = db.cursor()
 
 cms_ta          = rpki.x509.X509(Auto_file = cfg.get("cms-ta"))
 cms_key         = rpki.x509.RSA(Auto_file = cfg.get("cms-key"))
-cms_certs       = rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-cert"))
+cms_certs       = rpki.x509.X509_chain(Auto_files = cfg.multiget("cms-certs"))
 
 u = urlparse.urlparse(cfg.get("https-url"))
 
@@ -111,7 +111,7 @@ assert u.scheme in ("", "https") and \
        u.fragment == ""
 
 rpki.https.server(privateKey = rpki.x509.RSA(Auto_file = cfg.get("https-key")),
-                  certChain  = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert")),
+                  certChain  = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-certs")),
                   host       = u.hostname or "localhost",
                   port       = u.port or 443,
                   handlers   = ((u.path, handler),))
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index 263b47a0..4bc2e64e 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -989,7 +989,7 @@ def irdb_query(gctx, self_id, child_id = None):
   r_cms = rpki.https.client(
     privateKey    = gctx.https_key,
     certChain     = gctx.https_certs,
-    x509TrustList = gctx.https_tas,
+    x509TrustList = gctx.https_ta,
     url           = gctx.irdb_url,
     msg           = q_cms)
   r_elt = rpki.cms.xml_verify(r_cms, gctx.cms_ta_irdb)
diff --git a/scripts/rpkid.py b/scripts/rpkid.py
index 6518a112..38c185b0 100755
--- a/scripts/rpkid.py
+++ b/scripts/rpkid.py
@@ -80,7 +80,7 @@ class global_context(object):
 
     self.https_key   = rpki.x509.RSA(Auto_file = cfg.get("https-key"))
     self.https_certs = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-cert"))
-    self.https_tas   = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta"))
+    self.https_ta    = rpki.x509.X509_chain(Auto_files = cfg.multiget("https-ta"))
 
     self.irdb_url    = cfg.get("irdb-url")
 
diff --git a/scripts/testbed.py b/scripts/testbed.py
index 12e6f36a..990e3150 100644
--- a/scripts/testbed.py
+++ b/scripts/testbed.py
@@ -694,27 +694,27 @@ sql-username	= irdb
 sql-password	= %(irdb_db_pass)s
 
 cms-key		= %(my_name)s-IRDB-EE.key
-cms-cert.0	= %(my_name)s-IRDB-EE.cer
-cms-cert.1	= %(my_name)s-IRDB-CA.cer
+cms-certs.0	= %(my_name)s-IRDB-EE.cer
+cms-certs.1	= %(my_name)s-IRDB-CA.cer
 cms-ta		= %(my_name)s-RPKI-TA.cer
 
 https-key	= %(my_name)s-IRDB-EE.key
-https-cert.0	= %(my_name)s-IRDB-EE.cer
-https-cert.1	= %(my_name)s-IRDB-CA.cer
+https-certs.0	= %(my_name)s-IRDB-EE.cer
+https-certs.1	= %(my_name)s-IRDB-CA.cer
 
 https-url	= https://localhost:%(irdb_port)d/
 
 [irbe-cli]
 
 cms-key		= %(testbed_name)s-EE.key
-cms-cert.0	= %(testbed_name)s-EE.cer
-cms-cert.1	= %(testbed_name)s-CA.cer
-cms-ta		= %(my_name)s-RPKI-TA.cer
+cms-certs.0	= %(testbed_name)s-EE.cer
+cms-certs.1	= %(testbed_name)s-CA.cer
+cms-tas		= %(my_name)s-RPKI-TA.cer
 
 https-key	= %(testbed_name)s-EE.key
-https-cert.0	= %(testbed_name)s-EE.cer
-https-cert.1	= %(testbed_name)s-CA.cer
-https-ta.0	= %(my_name)s-RPKI-TA.cer
+https-certs.0	= %(testbed_name)s-EE.cer
+https-certs.1	= %(testbed_name)s-CA.cer
+https-tas	= %(my_name)s-RPKI-TA.cer
 
 https-url	= https://localhost:%(rpki_port)d/left-right
 '''
diff --git a/scripts/testpoke.py b/scripts/testpoke.py
index ca476ef8..1af03a72 100644
--- a/scripts/testpoke.py
+++ b/scripts/testpoke.py
@@ -74,7 +74,7 @@ def query_up_down(q_pdu):
   rpki.relaxng.up_down.assertValid(q_elt)
   q_cms = rpki.cms.xml_sign(q_elt, cms_key, cms_certs, encoding = "UTF-8")
   r_cms = rpki.https.client(
-    x509TrustList = https_tas,
+    x509TrustList = https_ta,
     privateKey = https_key,
     certChain = https_certs,
     msg = q_cms,
@@ -114,8 +114,10 @@ https_key   = get_PEM("ssl-key", rpki.x509.RSA)
 https_cert  = get_PEM("ssl-cert", rpki.x509.X509)
 https_certs = get_PEM_chain("ssl-cert-chain", https_cert)
 
-https_tas   = rpki.x509.X509_chain()
-if https_ta is not None:
-  https_tas.append(https_ta)
+ta = https_ta
+https_ta    = rpki.x509.X509_chain()
+if ta is not None:
+  https_ta.append(ta)
+del ta
 
 dispatch[yaml_req["type"]]()